Anyone shopping for e-books in the coming months would do well to check out the EFF's handy guide to the various readers and book stores' privacy pros and cons. It rates Google Books, Amazon Kindle, B&N Nook, the Sony Reader, and the FBReader on what info is collected, who it's shared with, and what control (if any) users have over their reading habits.

One particularly worrying quote:

Amazon's wording — "information related to the content on your Device and your use of it" — reads so broadly that it appears to allow Amazon to track all content that users put on the device, regardless of whether that content is purchased from Amazon. Some security researchers have indicated that the Kindle may even be tracking its users' GPS locations. Is this the future of reading?

It's a great resource, but it misses a key question for anyone planning on building a digital library. Which book stores and devices allow the vendor to reach into your e-book and delete books you've already bought?

After reviewing the relevant law, he concludes that the best approach would be to define the terms of service very carefully, ensuring that data is kept in the digital equivalent of a sealed container and that it is absolutely clear that the data being hosted is confidential.

Perhaps the most important bit:

There are those who may suggest that information that deserves the special protection associated with confidential or private status should always be under an owner’s direct control. A more nuanced view that turns on the actual relationship between data owner and data processor invites a realistic balancing of interests that doesn’t clash with a model of computing that has become so prominent. Bring on the cloud!

Dan gets it. The internet has made it next to impossible to be sure that your information lives only in your office, and developments in cloud computing and online collaboration tools make it undesirable to insist on local storage. We need a legal model that allows us to adopt these new tools without losing our traditional expectations of privacy.

This is my second post on the BC Privacy Commissioner's recent order in the Wild Coyote Club complaint. The first is available here. A press release from the Commissioner's Office is available here, while the full decision is here.

First of all, it is important to note that the order is specific to the Wild Coyote Club and their application of the TreoScope system. While other clubs may make changes based on this decision, some may continue to scan IDs for the foreseeable future. Expect more fallout from this decision over the weekend as clubgoers find they are still being scanned.

Opening the TreoScope black box

The order explores the workings of the TreoScope system in great detail, explaining what information is collected, how it is stored, and who it is available to. This discussion is particularly interesting because in the past, TreoScope has been less than forthcoming with information about their system's inner workings.

Information collected by the TreoScope system includes:

Name

Date of birth

License number

Partial postal code

Photograph

This information is used to generate a patron profile, tracking visits to other clubs using the TreoScope system.

Staff of the club can only see the following:

Name

Photo

Age (not date of birth)

Notes on patron specific to that club (incidents, VIP status, etc.)

All of the information is stored on TreoScope's servers, and no club has access to information generated by other clubs aside from "community incident" reports, which are sent out if a patron behaves poorly at the club.

TreoScope as Licensing Requirement

Interestingly, the Liquor Branch has required some establishments to install a TreoScope-like ID scanning system. ABLE BC, a liquor industry lobby group, submitted that "the supply and recording of identification is necessary to provide our service and to protect our customers and the public."

PIPA Analysis

Necessity of collection

In determining the "necessity" of data collection, the Commissioner looked to three areas:

nature of information collected

purpose of collection

the scope of the collection

The collection of personal information must be "integral to the provision of the product or service". Throughout the entire analysis, the collection of information must be minimal. The standard is higher the more sensitive the information collected is.

In the case of TreoScope and the Wild Coyote Club, the Commissioner found that the collection was not necessary to provide the service, and that the purposes outlined could be met by less invasive means.

Necessity of data retention

In ordering Wild Coyote Club and TreoScope to destroy data collected in violation of PIPA, the Commissioner wrote that since "it is not necessary or appropriate for Wild Coyote to collect the full range of information which is at present collected by the TreoScope system, it is not necessary for Wild Coyote to retain that information for any period."

Conclusions

It remains to be seen what impact the decision will have on the practices of other bars and clubs in BC. Public opinion has been split between those relieved that their personal information will finally be protected and those who are concerned that gang violence will spike. This story certainly will not end with the Privacy Commissioner's order.

The BC Privacy Commissioner issued a long-awaited order regarding the use of the TreoScope system today, finding that while collecting information to keep troublemakers out of bars and clubs is a worthy objective, the method of collection currently used by the Wild Coyote Club and the TreoScope system "does not comply with PIPA", BC's Personal Information Protection Act.

Canadian Public Safety Minister Peter Van Loan appeared on the last episode of TVO's Search Engine to defend the Conservatives' new "lawful access" bill. If passed, the bill will force ISPs to install equipment to facilitate internet wiretapping and allow Canadian police access to customer name and address information from internet service providers without court oversight.

This new bill comes only two years after former Public Safety Minister Stockwell Day assured the public that police would require court approval to access subscriber name and address information:

"We have not and we will not be proposing legislation to grant police the power to get information from Internet companies without a warrant. That's never been a proposal," Mr. Day said. "It may make some investigations more difficult, but our expectation is rights to our privacy are such that we do not plan, nor will we have in place, something that would allow the police to get that information."
- Ottawa Citizen, September 14, 2007

Public Safety Minister Peter Van Loan

However, in his Search Engine interview, Minister Van Loan denied that his government had ever made such promises. He also clashed with Jesse Brown, the host of Search Engine, over the phrase "reasonable expectation of privacy". Van Loan referred to what Canadian courts have defined as a "reasonable expectation of privacy", while Brown suggested that those legal definitions may clash with what Canadian internet users feel should be private.

Van Loan is correct in stating that Canadian courts have been hesitant to find even the slightest expectation of privacy in internet protocol addresses or phone numbers (I'll address these rulings in a later post). However, Brown is correct to point out that Canadians using the internet expect that their activities are carried out in private, whether or not the court finds these expectations reasonable.

More and more areas of our lives are moving into the online world, from work to play, from the social to the political. Van Loan's legislation will allow Canadian law enforcement agencies unprecedented access to our private lives. While the new law may meet the "reasonable" standards of constitutionality, it is still an unreasonable intrusion on innocent Canadians' lives.

CBC News is reporting that between 2000 and 2008, Canadian police forces used secret warrantless wiretaps in at least 267 cases. In Canada, emergency wiretaps can be conducted outside of any system of oversight, leading to concern over potential abuse.

Typically, police wiretaps must be supervised by a court, but in cases of emergency the Criminal Code grants police special powers under Section 184.4:

Interception in exceptional circumstances

184.4 A peace officer may intercept, by means of any electro-magnetic, acoustic, mechanical or other device, a private communication where

(a) the peace officer believes on reasonable grounds that the urgency of the situation is such that an authorization could not, with reasonable diligence, be obtained under any other provision of this Part;

(b) the peace officer believes on reasonable grounds that such an interception is immediately necessary to prevent an unlawful act that would cause serious harm to any person or to property; and

(c) either the originator of the private communication or the person intended by the originator to receive it is the person who would perform the act that is likely to cause the harm or is the victim, or intended victim, of the harm.

The use of emergency wiretaps is not new, and as in the case of Graham McMynn discussed in the article, often important. However, what is disturbing in the Canadian implementation is the absence of transparency and accountability.

Transparency: With ordinary wiretaps, there is a requirement to notify the target of the intercept once the investigation has been completed. There is no such requirement for emergency wiretaps, meaning that the targets will only discover they have been wiretapped if the case goes to court and the wiretap is used in evidence. Additionally, we have no clear picture of how often these secret wiretaps are used, or what they are used for. Police agencies must report their court-ordered wiretapping activities to Parliament yearly, detailing the number of wiretaps authorized and the kinds of cases they were authorized for.

Accountability: In the United States, wiretaps can be started without a court order in the case of an emergency, but law enforcement must seek authorization from a judge within three days of starting the intercept, bringing the emergency powers under the control of the court. There are no such provisions in Canada. Just as we have no way to know how often s. 184.4 wiretaps are used, we have no way to know if they are used appropriately.

As the Ministry of Public Safety pushes for broader police "lawful access" powers, it is important to examine the powers they already do have. As it stands, the surveillance powers afforded Canadian police are overly broad, and should be brought within a system of accountability and oversight.